CVE-2025-45150 - LangChain-ChatGLM-Webui File Disclosure Vulnerability
CVE ID : CVE-2025-45150
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 17:15:00 GMT
read more
CVE-2025-45778 - The Language Sloth Web Application Stored XSS
CVE ID : CVE-2025-45778
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 17:15:00 GMT
read more
CVE-2025-48074 - OpenEXR DataWindow Size Validation Vulnerability
CVE ID : CVE-2025-48074
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 17:15:00 GMT
read more
CVE-2025-51501 - Microweber CMS Reflected Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-51501
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 17:15:00 GMT
read more
CVE-2025-51502 - Microweber CMS Reflected Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-51502
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 17:15:00 GMT
read more
CVE-2025-51504 - Microweber CMS Cross Site Scripting (XSS)
CVE ID : CVE-2025-51504
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 17:15:00 GMT
read more
CVE-2019-19144 - Quantum DXi6702 XML External Entity Injection Vulnerability
CVE ID : CVE-2019-19144
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 16:15:00 GMT
read more
CVE-2025-44139 - Emlog Pro File Upload Vulnerability
CVE ID : CVE-2025-44139
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 16:15:00 GMT
read more
CVE-2025-50460 - Apache Ms-Swift Remote Code Execution (RCE)
CVE ID : CVE-2025-50460
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 16:15:00 GMT
read more
CVE-2025-50472 - Apache Spark - Deserialization Code Execution Vulnerability
CVE ID : CVE-2025-50472
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized `.mdl` payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. Note that the payload file is a hidden file, making it difficult for the victim to detect tampering. More importantly, during the model training process, after the `.mdl` file is loaded and executes arbitrary code, the normal training process remains unaffected'meaning the user remains unaware of the arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 16:15:00 GMT
read more
CVE-2025-52327 - Restaurant Order System SQL Injection
CVE ID : CVE-2025-52327
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 16:15:00 GMT
read more
CVE-2025-52361 - Lighttpd AK-Nord USB-Server-LXL Root Command Execution
CVE ID : CVE-2025-52361
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 16:15:00 GMT
read more
CVE-2025-52390 - Saurus CMS SQL Injection Vulnerability
CVE ID : CVE-2025-52390
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 16:15:00 GMT
read more
CVE-2025-45767 - Jose Weak Encryption Vulnerability
CVE ID : CVE-2025-45767
Published : Aug. 1, 2025, 3:15 p.m. | 3 hours ago
Description : jose v6.0.10 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 15:15:00 GMT
read more
CVE-2023-44976 - Shunwang Rentdrv2 EDR Process Termination Vulnerability
CVE ID : CVE-2023-44976
Published : Aug. 1, 2025, 2:15 p.m. | 4 hours ago
Description : Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 14:15:00 GMT
read more
CVE-2025-46018 - CSC Pay Mobile App Bluetooth Payment Authorization Bypass Vulnerability
CVE ID : CVE-2025-46018
Published : Aug. 1, 2025, 2:15 p.m. | 4 hours ago
Description : CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 14:15:00 GMT
read more
CVE-2025-41370 - Gandia Integra Total TESI SQL Injection Vulnerability
CVE ID : CVE-2025-41370
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 13:15:00 GMT
read more
CVE-2025-41371 - Gandia Integra Total TESI SQL Injection
CVE ID : CVE-2025-41371
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb_v4/integra/html/view/acceso.php
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 13:15:00 GMT
read more
CVE-2025-41372 - Gandia Integra Total TESI SQL Injection
CVE ID : CVE-2025-41372
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 13:15:00 GMT
read more
CVE-2025-41373 - Gandia Integra Total TESI SQL Injection
CVE ID : CVE-2025-41373
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 13:15:00 GMT
read more
CVE-2025-41374 - Gandia Integra Total TESI SQL Injection Vulnerability
CVE ID : CVE-2025-41374
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 13:15:00 GMT
read more
CVE-2025-41375 - Gandia Integra Total TESI SQL Injection Vulnerability
CVE ID : CVE-2025-41375
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultaincimails.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 13:15:00 GMT
read more
CVE-2025-41376 - Gandia Integra Total TESI SQL Injection Vulnerability
CVE ID : CVE-2025-41376
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 13:15:00 GMT
read more
CVE-2025-4684 - WordPress BlockSpare Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4684
Published : Aug. 1, 2025, 12:15 p.m. | 6 hours ago
Description : The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of Image Carousel and Image Slider widgets in all versions up to, and including, 3.2.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 12:15:00 GMT
read more
CVE-2025-6228 - Sina Extension for Elementor Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-6228
Published : Aug. 1, 2025, 12:15 p.m. | 6 hours ago
Description : The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`, `Sina Blog Post` and `Sina Table` widgets in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 12:15:00 GMT
read more
CVE-2025-6398 - ASUS AI Suite 3 Null Pointer Dereference Vulnerability
CVE ID : CVE-2025-6398
Published : Aug. 1, 2025, 9:15 a.m. | 7 hours, 50 minutes ago
Description : A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the '
Security Update for for AI Suite 3
' section on the ASUS Security Advisory for more information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 09:15:00 GMT
read more
CVE-2025-8443 - Code-projects Online Medicine Guide SQL Injection Vulnerability
CVE ID : CVE-2025-8443
Published : Aug. 1, 2025, 9:15 a.m. | 7 hours, 50 minutes ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 09:15:00 GMT
read more
CVE-2025-8441 - Code-projects Online Medicine Guide SQL Injection Vulnerability
CVE ID : CVE-2025-8441
Published : Aug. 1, 2025, 8:15 a.m. | 8 hours, 50 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 08:15:00 GMT
read more
CVE-2025-8442 - Code-projects Online Medicine Guide SQL Injection Vulnerability
CVE ID : CVE-2025-8442
Published : Aug. 1, 2025, 8:15 a.m. | 8 hours, 50 minutes ago
Description : A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 08:15:00 GMT
read more
CVE-2025-8438 - Code-Projects Wazifa System SQL Injection Vulnerability
CVE ID : CVE-2025-8438
Published : Aug. 1, 2025, 7:15 a.m. | 9 hours, 50 minutes ago
Description : A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 07:15:00 GMT
read more
CVE-2025-8439 - Wazifa System SQL Injection Vulnerability
CVE ID : CVE-2025-8439
Published : Aug. 1, 2025, 7:15 a.m. | 9 hours, 50 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 07:15:00 GMT
read more
CVE-2025-7646 - Elementor Addons Stored Cross-Site Scripting
CVE ID : CVE-2025-7646
Published : Aug. 1, 2025, 7:15 a.m. | 8 hours, 19 minutes ago
Description : The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfiltered_html capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 07:15:00 GMT
read more
CVE-2025-8437 - Kitchen Treasure SQL Injection Vulnerability
CVE ID : CVE-2025-8437
Published : Aug. 1, 2025, 7:15 a.m. | 8 hours, 19 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 07:15:00 GMT
read more
CVE-2025-31716 - Cisco Bootloader Out-of-Bounds Write Denial of Service
CVE ID : CVE-2025-31716
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 06:15:00 GMT
read more
CVE-2025-54939 - LiteSpeed QUIC (LSQUIC) Library LSQUIC Engine Packet In Memory Leak
CVE ID : CVE-2025-54939
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 06:15:00 GMT
read more
CVE-2025-5921 - "SureForms WordPress Reflected Cross-Site Scripting"
CVE ID : CVE-2025-5921
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 06:15:00 GMT
read more
CVE-2025-8436 - Projectworlds Online Admission System SQL Injection Vulnerability
CVE ID : CVE-2025-8436
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 06:15:00 GMT
read more
CVE-2025-8454 - Debian Package devscripts OpenPGP Verification Bypass
CVE ID : CVE-2025-8454
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 06:15:00 GMT
read more
CVE-2025-8435 - Code-projects Online Movie Streaming PHP Remote Authorization Bypass Vulnerability
CVE ID : CVE-2025-8435
Published : Aug. 1, 2025, 5:15 a.m. | 10 hours, 14 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 05:15:00 GMT
read more
CVE-2025-7725 - WordPress OpenAI Plugin Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-7725
Published : Aug. 1, 2025, 5:15 a.m. | 8 hours, 56 minutes ago
Description : The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 05:15:00 GMT
read more
CVE-2025-7845 - Stratum Elementor Widgets Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-7845
Published : Aug. 1, 2025, 5:15 a.m. | 8 hours, 56 minutes ago
Description : The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 05:15:00 GMT
read more
CVE-2025-4523 - IDonate WordPress Plugin Unauthorized Data Access Vulnerability
CVE ID : CVE-2025-4523
Published : Aug. 1, 2025, 5:15 a.m. | 7 hours, 50 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 05:15:00 GMT
read more
CVE-2025-7443 - BerqWP Arbitrary File Upload Vulnerability
CVE ID : CVE-2025-7443
Published : Aug. 1, 2025, 5:15 a.m. | 7 hours, 50 minutes ago
Description : The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 05:15:00 GMT
read more
CVE-2025-54846 - Apache HTTP Server HTTP Request Smuggling
CVE ID : CVE-2025-54846
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54847 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-54847
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-5947 - WordPress Service Finder Bookings Privilege Escalation
CVE ID : CVE-2025-5947
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-8433 - Dell Document Management System Path Traversal Vulnerability
CVE ID : CVE-2025-8433
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-8434 - Apache Code-projects Online Movie Streaming Remote File Inclusion Vulnerability
CVE ID : CVE-2025-8434
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54844 - Apache Struts Command Execution
CVE ID : CVE-2025-54844
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 13 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54845 - Adobe Flash Memory Corruption Vulnerability
CVE ID : CVE-2025-54845
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 13 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54842 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-54842
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54843 - Fortinet DNS Server Insufficient Input Validation
CVE ID : CVE-2025-54843
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2019-19145 - Quantum SuperLoader 3 Password Brute Force
CVE ID : CVE-2019-19145
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-53399 - Sipwise RTPengine RTP Stream Injection and Interception Vulnerability
CVE ID : CVE-2025-53399
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54657 - Apache Struts Command Injection
CVE ID : CVE-2025-54657
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54839 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-54839
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54840 - Apache HTTP Server Denial of Service
CVE ID : CVE-2025-54840
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-54841 - Apache Struts SQL Injection
CVE ID : CVE-2025-54841
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 04:16:00 GMT
read more
CVE-2025-5954 - WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability
CVE ID : CVE-2025-5954
Published : Aug. 1, 2025, 3:15 a.m. | 3 hours, 11 minutes ago
Description : The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 03:15:00 GMT
read more
CVE-2025-8431 - PHPGurukul Boat Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-8431
Published : Aug. 1, 2025, 2:15 a.m. | 4 hours, 11 minutes ago
Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Fri, 01 Aug 2025 02:15:00 GMT
read more
CVE-2025-48071 - OpenEXR ZIPS-packed Deep Scan-Line Heap Buffer Overflow
CVE ID : CVE-2025-48071
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 21:15:00 GMT
read more
CVE-2025-48072 - OpenEXR Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-48072
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 21:15:00 GMT
read more
CVE-2025-48073 - OpenEXR NULL Pointer Dereference Vulnerability
CVE ID : CVE-2025-48073
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 21:15:00 GMT
read more
CVE-2023-32251 - Linux Kernel ksmbd Dictionary Attack Bypass
CVE ID : CVE-2023-32251
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 21:15:00 GMT
read more
CVE-2025-23289 - NVIDIA Omniverse Launcher Information Disclosure Vulnerability
CVE ID : CVE-2025-23289
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 21:15:00 GMT
read more
CVE-2025-45768 - PyJWT Weak Encryption
CVE ID : CVE-2025-45768
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : pyjwt v2.10.1 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 21:15:00 GMT
read more
CVE-2025-50572 - Archer Technology RSA Archer Code Execution Vulnerability
CVE ID : CVE-2025-50572
Published : July 31, 2025, 8:15 p.m. | 8 hours, 49 minutes ago
Description : An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-8286 - Güralp FMUS series Telnet Command Injection Vulnerability
CVE ID : CVE-2025-8286
Published : July 31, 2025, 8:15 p.m. | 8 hours, 49 minutes ago
Description : Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that
could allow an attacker to modify hardware configurations, manipulate
data, or factory reset the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-37108 - "HPE Telco Service Activator Cross-Site Scripting Vulnerability"
CVE ID : CVE-2025-37108
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-37109 - HPE Telco Service Activator Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-37109
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-37110 - HPE Telco Network Function Virtual Orchestrator Information Disclosure
CVE ID : CVE-2025-37110
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-37111 - HPE Telco Network Function Virtual Orchestrator Authentication Key Storage Policy Information Disclosure
CVE ID : CVE-2025-37111
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-37112 - HPE Telco Network Function Virtual Orchestrator Key Storage Policy Information Disclosure
CVE ID : CVE-2025-37112
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-45769 - PHP JWT Weak Encryption Vulnerability
CVE ID : CVE-2025-45769
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : php-jwt v6.11.0 was discovered to contain weak encryption.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-45770 - "Auth0 JWT Weak Encryption Vulnerability"
CVE ID : CVE-2025-45770
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : jwt v5.4.3 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 20:15:00 GMT
read more
CVE-2025-26062 - Intelbras RX1500/3000 Unauthenticated Access to Settings File
CVE ID : CVE-2025-26062
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 19:15:00 GMT
read more
CVE-2025-26063 - Intelbras RX1500/3000 - Unauthenticated Remote Code Execution Vulnerability
CVE ID : CVE-2025-26063
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 19:15:00 GMT
read more
CVE-2025-26064 - Intelbras RX1500/RX3000 Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-26064
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 19:15:00 GMT
read more
CVE-2025-51385 - D-Link DI-8200 Buffer Overflow Vulnerability
CVE ID : CVE-2025-51385
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2025-51503 - Microweber CMS Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-51503
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2025-54832 - OPEXUS FOIAXpress Arbitrary State/Territory Modification Vulnerability
CVE ID : CVE-2025-54832
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2025-54833 - OPEXUS FOIAXpress Bypass Account-Lockout and CAPTCHA Protection Vulnerability
CVE ID : CVE-2025-54833
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2025-54834 - OPEXUS FOIAXpress Information Disclosure Vulnerability
CVE ID : CVE-2025-54834
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2025-8426 - Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS
CVE ID : CVE-2025-8426
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the compressConfigFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-24915.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2025-51384 - D-Link DI-8200 IPsec Buffer Overflow
CVE ID : CVE-2025-51384
Published : July 31, 2025, 6:15 p.m. | 6 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2025-51383 - D-Link DI-8200 Buffer Overflow Vulnerability
CVE ID : CVE-2025-51383
Published : July 31, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 18:15:00 GMT
read more
CVE-2024-34327 - Sielox AnyWare SQL Injection
CVE ID : CVE-2024-34327
Published : July 31, 2025, 5:15 p.m. | 3 hours, 49 minutes ago
Description : Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 17:15:00 GMT
read more
CVE-2025-50866 - CloudClassroom-PHP Project 1.0 Reflected Cross-site Scripting (XSS)
CVE ID : CVE-2025-50866
Published : July 31, 2025, 5:15 p.m. | 3 hours, 49 minutes ago
Description : CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 17:15:00 GMT
read more
CVE-2025-50867 - CloudClassroom-PHP-Project SQL Injection
CVE ID : CVE-2025-50867
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-52203 - DevaslanPHP Stored XSS
CVE ID : CVE-2025-52203
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-8409 - "Code-projects Vehicle Management SQL Injection"
CVE ID : CVE-2025-8409
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-29556 - ExaGrid EX10 Incorrect Access Control Bypass
CVE ID : CVE-2025-29556
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-46809 - SUSE Multi Linux Manager HTTP Proxy Credentials Disclosure
CVE ID : CVE-2025-46809
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-50847 - CS Cart CSRF Add Product to Comparison List
CVE ID : CVE-2025-50847
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-50848 - "CS Cart Cross-Site Scripting (XSS) File Upload Vulnerability"
CVE ID : CVE-2025-50848
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-50850 - CS Cart Brute Force Vendor Login
CVE ID : CVE-2025-50850
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 16:15:00 GMT
read more
CVE-2025-34146 - SandboxJS Prototype Pollution Vulnerability
CVE ID : CVE-2025-34146
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-50270 - AnQiCMS Stored XSS
CVE ID : CVE-2025-50270
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, categoryTitle, and tmpTag parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-50475 - Russound MBX-PRE-D67F OS Command Injection Vulnerability
CVE ID : CVE-2025-50475
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-50849 - CS Cart IDOR
CVE ID : CVE-2025-50849
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-51569 - LB-Link BL-CPE300M Router Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-51569
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to inject arbitrary JavaScript, which is executed in the context of the router's origin when the crafted URL is accessed. The issue requires user interaction to exploit.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-52289 - MagnusBilling Broken Access Control Vulnerability
CVE ID : CVE-2025-52289
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-8408 - Apache Vehicle Management SQL Injection
CVE ID : CVE-2025-8408
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2014-125121 - Array Networks vAPV/vxAG SSH Privilege Escalation Vulnerability
CVE ID : CVE-2014-125121
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges.
Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitrary commands. Since this script is executed with elevated privileges through the backend binary, enabling the debug monitor via backend -c "debug monitor on" triggers execution of the attacker's payload as root. This allows full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2014-125122 - Linksys WRT120N Remote Stack Buffer Overflow Vulnerability
CVE ID : CVE-2014-125122
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2014-125123 - Kloxo SQL Injection Vulnerability
CVE ID : CVE-2014-125123
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the administrator’s password from the backend database. After recovering valid credentials, the attacker can authenticate to the Kloxo control panel and leverage the Command Center feature (display.php) to execute arbitrary operating system commands as root on the underlying host system. This vulnerability was reported to be exploited in the wild in January 2014.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2014-125124 - Pandora FMS Anyterm Remote Command Execution
CVE ID : CVE-2014-125124
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2014-125125 - A10 Networks AX Loadbalancer Path Traversal Vulnerability
CVE ID : CVE-2014-125125
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2014-125126 - Apache Simple E-Document Unrestricted File Upload and Authentication Bypass
CVE ID : CVE-2014-125126
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2024-34328 - Sielox AnyWare Open Redirect Vulnerability
CVE ID : CVE-2024-34328
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-29557 - ExaGrid EX10 Remote Authentication Bypass
CVE ID : CVE-2025-29557
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10042 - FreeFTPd FTP PASS Command Stack-Based Buffer Overflow
CVE ID : CVE-2013-10042
Published : July 31, 2025, 3:15 p.m. | 2 hours, 12 minutes ago
Description : A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10043 - OAstium VoIP PBX Remote Code Execution Vulnerability
CVE ID : CVE-2013-10043
Published : July 31, 2025, 3:15 p.m. | 2 hours, 12 minutes ago
Description : A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10033 - Kimai SQL Injection Remote Code Execution
CVE ID : CVE-2013-10033
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10034 - Kaseya KServer Unauthenticated File Upload Remote Code Execution Vulnerability
CVE ID : CVE-2013-10034
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10035 - ProcessMaker Code Injection Vulnerability
CVE ID : CVE-2013-10035
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPage_Ajax.php, and cases_SchedulerGetPlugins.php, by supplying crafted POST requests to parameters such as action and params. These endpoints fail to validate user input and directly invoke PHP functions like system() with user-supplied parameters, enabling remote code execution. The vulnerability affects both Linux and Windows installations and is present in default configurations of versions including 2.0.23 through 2.5.1. The vulnerable skin cannot be removed through the web interface, and exploitation requires only valid user credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10036 - Beetel Connection Manager Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2013-10036
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10037 - WebTester OS Command Injection Vulnerability
CVE ID : CVE-2013-10037
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10038 - FlashChat Arbitrary File Upload Vulnerability
CVE ID : CVE-2013-10038
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10039 - GestioIP Command Injection Vulnerability
CVE ID : CVE-2013-10039
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2013-10040 - ClipBucket Remote Code Execution Vulnerability
CVE ID : CVE-2013-10040
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 31 Jul 2025 15:15:00 GMT
read more
CVE-2025-54589 - Copyparty Reflected Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-54589
Published : July 31, 2025, 2:15 p.m. | 49 minutes ago
Description : Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `